Speak
Clear All
As promised here is a small article explaining the implementation of a mail server on CentOS with access secure IMAP (SSL encryption). We are talking here about a situation very simple, users are local accounts of the system, messages are stored in their personal directory. This is what you should do for a personal server or with few users.
For the SMTP (send/receive) function we use Postfix, and for accessing IMAP (mail via a remote messaging client consultation) it will be Dovecot. The server will be able to receive mail, but we will not treat the sending part (you can go through any SMTP, for example that of your ISP) because all ways 25 outgoing port is blocked on the outside.
Cases and prerequisites
You must have a domain name on internet redirected you (otherwise the reception of mails will be impossible). If you go through a router with NAT layer remember to redirect port 25 on your server.
In this tutorial we will take as (fictional) area: freeman.org
Installation
The installation requires no special handling. If you go through the DVD, you will have the choice of the “roles”, select “Minimal”.
Network
The network configuration is detailed on this page, or on the documentation of CentOS.
In system-config-network-tui, don’t forget to go ride in “DNS Configuration” to enter your host name (for example mail.freeman.org).
Update and installation
First perform an update of the system and then install Postfix and Dovecot:
# yum update y
# yum install dovecot postfix
Then it adds to the start these two daemons:
# chkconfig postfix on
# chkconfig dovecot on
SSL
Before going any further we’ll have get or create a certificate and SSL private key. You can do it yourself with openssl, or ask for free on GlobalSign.NET (Linuxfr uses these certificates).
The key (freeman.key) is to put in/etc/pki/tls/private.
The certificate (freeman.crt) is to put in/etc/pki/tls/certs.
Then they are given good rights:
# chmod 0400 /etc/pki/tls/private/freeman.key
# chmod 0444 /etc/pki/tls/certs/freeman.crt
We’ll see after that Dovecot is responsible as root, so theoretically it has rights to read on freeman.key, but SELinux blocks. To compensate for this should be the following manipulation:
# restorecon – RvF/etc/pki
Postfix configuration
The configuration is done in the main.cf file, which is located in/etc/postfix. It will then define some aliases in/etc/aliases but we will see later.
# vi /etc/postfix/main.cf
Each parameter is widely commented and humanly understandable. Here, in the context of our tutorial, the settings to change:
myorigin = freeman.org
inet_interfaces = all
inet_protocols = ipv4
mydestination = freeman.org
home_mailbox = Maildir /.
Save and close. We then define the alias. We are going to redirect mail for root to the user “xavier”:
# vi/etc/aliases
# Person who should get root’s mail
root: xavier
Apply the alias and start postfix:
# newaliases(8)
# service postfix start
Create an account
As seen previously we do the “xavier” account:
# useradd m xavier
passwd xavier
The address of this account is [email protected]. Tip: to have a [email protected] address, use an alias (xavier.chotard: xavier).
Dovecot configuration
The configuration is cleverly divided into several configuration files:
# vi /etc/dovecot/dovecot.conf
protocols = imap
# vi /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir: ~ / Maildir
# vi /etc/dovecot/conf.d/10-ssl.conf
ssl_cert =